Winamp Multiple Vulnerabilities

Last Update Date: 28 Oct 2011 14:58 Release Date: 28 Oct 2011 5786 Views

RISK: Medium Risk

Medium Risk

TYPE: Clients - Audio & Video

TYPE: Audio & Video

Multiple vulnerabilities have been identified in Winamp, which can be exploited by malicious people to compromise a user's system.

  1. An error in the in_midi.dll plugin when handling the "iOffsetMusic" value within the Creative Music Format (CMF) header can be exploited to cause a heap-based buffer overflow via a specially crafted MIDI file.
  2. An error in the in_mod.dll plugin when handling the "channels" value within the Advanced Module Format (AMF) header can be exploited to cause a heap-based buffer overflow via a specially crafted ".amf" file.
  3. An error in the in_nsv.dll plugin when handling the "toc_alloc" value within the Nullsoft Streaming Video (NSV) header can be exploited to cause a heap-based buffer overflow via a specially crafted ".nsv" file.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
 

Impact

  • Remote Code Execution

System / Technologies affected

  • Winamp 5.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 5.622.

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

Google Chrome Multiple Vulnerabilities

27 Oct 2011 5517 Views

Next

OpenLDAP "UTF8StringNormalize()" Off-by-One Denial of Service Vulnerability

28 Oct 2011 5608 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY